<div class="config-container">
<h3>Permissions</h3>

    <div class="instructions">All system administrators and pipeline group administrators can operate on this stage (this cannot be overridden).</div>
    <%= form_for(@stage,
                :as => :stage,
                :url => admin_stage_update_path,
                :html => {:method => "PUT",
                          :id => "stage_permissions_edit_form",
                          :onsubmit => "return AjaxForm.jquery_ajax_submit(this, AjaxForm.ConfigFormEditHandler);",
                          :class => "popup_form"}) do |f| %>
        <%= md5_field %>
        <%= hidden_field_tag :pipeline_digest, @pipeline_digest %>
        <%= hidden_field_tag :pipeline_group_name, @pipeline_group_name %>
        <%= hidden_field_tag :pipeline_name, @pipeline.name %>
        <div class="fieldset">
            <% stage_has_auth_defined = @stage.hasOperatePermissionDefined() %>
            <div class="form_item security_mode checkbox_row">
                <span class="form_body_text">For this stage:</span>
                <%= radio_button_tag("stage[#{com.thoughtworks.go.config.StageConfig::SECURITY_MODE}]", "inherit", !stage_has_auth_defined, :id => "inherit_permissions", :class => "stage_security_mode") %>
                <%= label_tag("inherit", "#{'Inherit from the pipeline group'}", :for => "inherit_permissions") %>
                <%= radio_button_tag("stage[#{com.thoughtworks.go.config.StageConfig::SECURITY_MODE}]", "define", stage_has_auth_defined, :id => "define_permissions", :class => "stage_security_mode") %>
                <%= label_tag("", "#{'Specify locally'}", :for => "define_permissions") %>
            </div>
            <div class="form_item">
                <div class="inherited_permissions<%= " hidden" if stage_has_auth_defined %>">
                    <% unless @pipeline_group && @pipeline_group.hasOperationPermissionDefined() %>
                        <div class="no_permissions_message information">There is no authorization configured for this stage nor its pipeline group. Only GoCD administrators can operate this stage.</div>
                    <% else %>
                        <%= render :partial => "users_and_roles_from_group.html", :locals => {:scope => {:pipeline_group => @pipeline_group, :form => f}} %>
                    <% end %>
                </div>
                <div class="stage_permissions <%= " hidden" if !stage_has_auth_defined %>">
                    <% if @pipeline_group && @pipeline_group.hasOperationPermissionDefined() %>
                        <div class="information">The pipeline group that this pipeline belongs to has permissions configured. You can add only those users and roles that have permissions to operate on this pipeline group.</div>
                    <% end %>
                    <% if @pipeline_group && @pipeline_group.hasOperationPermissionDefined() and !stage_has_auth_defined %>
                        <%= render :partial => "edit_permissions.html", :locals => {:scope => {:stage => @stage, :form => f, :user_collection => @pipeline_group.getOperateUsers(),
                                                                                               :role_collection => @pipeline_group.getOperateRoles()}} %>
                    <% else %>
                        <%= render :partial => "edit_permissions.html", :locals => {:scope => {:stage => @stage, :form => f, :user_collection => @stage.getOperateUsers(),
                                                                                               :role_collection => @stage.getOperateRoles()}} %>
                    <% end %>
                </div>
            </div>
        </div>
        <%= render :partial => "admin/shared/form_submit", :locals => {:scope => {:reset_url => admin_stage_edit_path(:pipeline_name => @pipeline.name(), :stage_name => params[:stage_name], :current_tab => "permissions")}} unless @is_config_repo_pipeline %>
    <% end %>
</div>
<script type="text/javascript">
    Util.on_load(function() {
        jQuery("#inherit_permissions").click(function() {
            var self = jQuery(this);
            jQuery("div.stage_permissions").addClass("hidden");
            jQuery("div.inherited_permissions").removeClass("hidden");
        });
        jQuery("#define_permissions").click(function() {
            var self = jQuery(this);
            jQuery("div.stage_permissions").removeClass("hidden");
            jQuery("div.inherited_permissions").addClass("hidden");
        });
    });
    AjaxForm.error_box_selector = '#form_parent';
</script>
